============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 5.22, 21 November 2007 ============================================================ Contents ============================================================ 1. UK Government loses personal data on 25 million citizens 2. German Parliament adopted the data retention law 3. IGF 2007: still a long way to effective outcome 4. Lisbon Conference "On RFID - The next step to the Internet of Things" 5. EC announces a larger investigation of the Google-Doubleclick deal 6. Data Protection Act infringed by UK Foreign Office 7. DNA tests approved by French Constitutional council 8. Attack on Russian opposition media claiming copyright infringement 9. Big Brother Awards 2007 - Austria and Switzerland 10. UK govt asks Internet companies to assist in fighting online terrorism 11. PirateBay wants a new software standard to replace BitTorrent 12. ENDitorial: CoE - Content Regulation: Break On Through; IPR: It's Tricky 13. Recommended Reading 14. Agenda 15. About ============================================================ 1. UK government loses personal data on 25 million citizens ============================================================ British Prime Minister Gordon Brown had had to apologise to Parliament after two computer discs containing the personal data of 25 million citizens were lost in the post. The disks contained the database on child benefit - a welfare payment made to the families of all children in Britain. The data include children's and parents' names, addresses and dates of birth, together with parents' national insurance numbers and bank account details. The disks were not encrypted but merely "password protected". Britain's most senior tax official, the head of HM Revenue and Customs, has resigned. The story has spread to a number of other systems that the government is building to make ever more information on citizens available to ever more public-sector workers. For example, there's a plan to link up children's databases so that a child's medical records, school records, police records and social-work records can be available to workers who contact the child or its parents; this was condemned as both unsafe and illegal by a November 2006 report by EDRI-member Foundation for Information Policy Research (FIPR) for the Information Commissioner. There's also a plan to build several national medical record databases that will contain the records of tens of millions of patients; a parliamentary health committee report urged that patients be given the right to opt out. The government brushed aside such complaints and kept on with its "database state" programme. However, the current scandal has put privacy and data protection at the centre of the political agenda. Government security failure (20.11.2007) http://www.lightbluetouchpaper.org/2007/11/20/government-security-failure/ Brown apologises for data blunder (21.11.2007) http://politics.guardian.co.uk/economics/story/0,,2214566,00.html Government under pressure over taxman's giant blunder (21.11.2007) http://www.timesonline.co.uk/tol/news/uk/article2912937.ece Second-class and lost in the post (21.11.2007) http://www.timesonline.co.uk/tol/comment/columnists/alice_miles/article29102... (contribution from Ross Anderson - EDRI-member FIPR - UK) ============================================================ 2. German Parliament adopted the data retention law ============================================================ The German Federal Parliament adopted on 10 November 2007 the law that implements the EU data retention directive in the German legislation by amending the current wire tapping legislation. This has triggered a strong reaction of the opposition and civil society, more than 13 000 citizens signing to challenge of the law to the Constitutional Court. The law passed in an open vote (on request by the Greens and the Liberal Party) with 366 parliamentarians voting for the data retention regulations and 156 against them. The members of the SPD (Social Democratic Party), CDU (Christian Democratic Union) and CSU (Christian Social Union) voted for the law pushed by the Federal Minister of Justice Brigitte Zypries and Federal Minister of the Interior Wolfgang Schduble. The new law will enter into force on 1 January 2008, when all the telecommunication providers will be requested to keep the traffic data for six months. For the Internet services, this obligation will start at the beginning of 2009. The Internet traffic data will include storing the email addresses, IPs and time stamps in the case of electronic mail. The providers of anonymisation services are also obliged to respect the same provisions. All these data will be accessible to the law enforcement authorities. But while the police, court and state prosecutors will need a court order to access the information, others - such as the intelligent services - will be able to access the data without any restriction. The adoption of the law by the Parliament led to a massive response from the civil society, media associations and opposition. The number of the signatories of the constitutional challenge of the law reached to 13 000 in just a few days. The German working group on data retention that is leading this action announced that the list is still open for signatories until 24 December. The action can be filed with the court in Karlsruhe only after the law has been published in the Official Gazette. Patrick Breyer from the working group explains: "According to our constitution, parliament's powers are limited by the civil rights. It is unheard of that some representatives seem to think that they are no longer responsible for the up-holding of our civil rights." Criticism of the law was made by the personal data protection authorities, such as the Federal Commissioner for Data Protection Peter Schaar complaining that the Federal Parliament "agreed to the data retention of telecommunication data in absence of any suspicion irrespective of the grave doubts as to its constitutionality" and explaining that the German law exceeds the EU directive on data retention. The Commissioner for Data Protection to the State of Saxony, Anhalt Harald von Bose, joined the harsh comments: "To see this cut-back on personal liberty rights occur on the day of the Fall of the Wall, November 9, is a bitter fact of life." Media associations have also complained about the lack of special requirements in the case of confidential relationships in professional contexts. The board of the German Journalists' Union, part of the trade union verdi.de, asked their members to support the constitutional challenge promoted by the civil society. Other journalist associations, such as the Federal Association of German Newspaper Publishers, the Association of German Magazine Publishers and the German Association of Specialised Journalists steeped up to show their concerns on the adopted law. Even the former Federal Minister of Justice Leutheusser-Schnarrenberger has renewed her criticism against the state mandated "retention-craze". There would be "a real chance that this could lead to a surveillance society", she said. German Data Retention working group http://www.vorratsdatenspeicherung.de/ Parliament voted in favour of revision of data retention law (10.11.2007) http://bitkanone.ccc.de/news/parliament-voted-in-favour-of-revision-of-data Federal Parliament passes data retention and wire tapping legislation (17.11.2007) http://www.heise.de/english/newsticker/news/99158/ Sharp response to rubber stamping of data retention legislation (17.11.2007) http://www.heise.de/english/newsticker/news/99159/ 13,000 determined to file suit against data retention legislation (17.11.2007) http://www.heise.de/english/newsticker/news/99161/ EDRI-gram: Largest anti-surveillance street protest in Germany for 20 years (26.09.2007) http://www.edri.org/edrigram/number5.18/liberty-instead-of-fear ============================================================ 3. IGF 2007: still a long way to effective outcome ============================================================ The Internet Governance Forum (IGF) that took place this year in Rio de Janeiro was attended by over1300 participants from 109 countries and focused on the following main themes - critical Internet resources, access, diversity, openness and security. In total there were 84 events in a 4-day time frame (12-15 November 2007) where people could participate in any plenary sessions, workshops, best practice sessions, dynamic coalition meetings and other related meetings. The UN Undersecretary-General Sha Zhukang explained in the opening session the scope of the IGF: "The United Nations does not have a role in managing the Internet. But we do embrace the opportunity to provide, through this forum, a platform that helps to ensure the Internet's global reach." However, the still-present subject of moving ICANN out of the US influence was brought back to the table by some participants. Russian representative Konstantin Novoderejhkin asked the UN to start a group for moving Internet governance "under the control of the international community." He was backed up by other states, including Brazilian officials who asked for an independent ICANN. The U.S. Representatives replied that the present arrangement prevents "other countries from censoring Web sites by deleting entries out of domain name directories." Another strong supporter of the status-quo was Vincent Cerf that explained: "ICANN has existed for eight years and done a great job with its plans for internationalisation.'' He also emphasised that the government attempts to control the Internet will probably fail. Other important topics were also on the agenda of the IGF. Network neutrality was seen as an important proposal of the global public policy. Japanese Vice Minister for Policy Coordination Kiyoshi Moric considered network neutrality "as one of three key issues that had to be addressed." Amnesty International used the opportunity to renew its call to governments and companies to make human rights central to Internet governance. Nick Dearden, part of Amnesty International's delegation to the IGF, explained: "In the 12 months since the last IGF we've witnessed the crisis in Burma, where the Internet was used to get images and information out of the country and to mobilize people all over the world to take action. On the other hand we have also monitored the increase in censorship, filtering and blocking of websites." IP Justice identified in their public report of the IGF 2007 three major areas where this year Forum has proved to be useful: high quality of the workshops and best practice sessions, world-class technical capabilities and remote participation opportunities and offline interactions & networking opportunities. But it has also highlighted other subjects that could be improved in the next sessions such as: human rights and other controversial topics avoided in main sessions, emphasizing lack of gender balance and exclusion of young voices in main sessions that were dominated by established players. Would this be enough to make IGF more than a worldwide conference on Internet governance? While there is still a long way to go for the IGF making any recommendation, the Forum has been given a mandate from the Tunis World Summit on the Information Society entailing a number of functions that obviously cannot be effectively fulfilled by an annual conference. This was precisely the issue discussed at a workshop organized by the civil society Internet governance caucus on "fulfilling the mandate of the IGF". One simple idea came out, inter alia, from this workshop, which is to leverage proposals issued from workshops and other dynamic coalitions meeting, by bringing them to wider discussion in IGF plenary sessions. Among such outcomes worth discussing at a broader level, one could be the joint proposal from the Council of Europe (CoE) and the Association for Progressive Communications (APC) to set up a "mechanism to foster participation, access to information and transparency in Internet governance". As explained by CoE and APC, "the mechanism should ensure that all the institutions which play a role in some aspect of governing the internet commit to transparency, public participation, including participation of all stakeholders, and access to information in their activities". CoE and APC propose to consider, as a prototype to such a mechanism, the United Nations Economic Commission for Europe's Aarhus Convention on Access to Information, Public Participation in Decision-making and Access to Justice in Environmental Matter. The next year Internet Governance Forum will take place in New Delhi, India and is scheduled for 8-11 December 2008. Internet Governance Forum (IGF) http://www.intgovforum.org/ Second Meeting of the Internet Governance Forum (IGF) - Chairman's Summary (16.11.2007) http://www.intgovforum.org/Rio_Meeting/Chairman%20Summary.FINAL.16.11.2007.p... IP Justice Report on 2007 Internet Governance Forum (IGF) (19.11.2007) http://ipjustice.org/wp/2007/11/19/2007-igf-rio-wrap-up/ U.S. Control Of Internet Still A Concern (16.11.2007) http://www.webpronews.com/topnews/2007/11/16/u-s-control-of-internet-still-a... Internet Governance Forum: Test Of A New Global Governance Model (14.11.2007) http://www.ip-watch.org/weblog/index.php?p=822 Rio IGF 2008: Amnesty renews its call on governments and companies to make human rights central to Internet governance (16.11.2007) http://www.mediaforfreedom.com/ReadArticle.asp?ArticleID=6258 CoE-APC joint press release (13.11.2007) http://www.apc.org/english/news/index.shtml?x=5310569= EDRI-gram: ENDitorial : IGF - UN innovation or just another conference ? (8.11.2006) http://www.edri.org/edrigram/number4.21/enditorial ============================================================ 4. Lisbon Conference "On RFID - The next step to the Internet of Things" ============================================================ Last week the conference "On RFID", organised by the Portuguese Presidency with support of the European Commission DG Information Society, took place in Lisbon. During the one and a half days of the conference a number of topics were discussed, that could be crucial for the future development of RFID technology. Privacy and security were the topics of a panel discussion held during the morning of the first day. The participants in this discussion, representatives of industry, consumer, data protection and international organisations, all shared the opinion that security and privacy by design is the proper way for advancements of RFID technology. As Reinhard Posch, representative of the European Network and Information Security Agency (ENISA), stated, the assumption that cloning of RFID tags is too expensive to constitute a risk, is not sustainable. Therefore, the utilisation of strong cryptography will be necessary to technically ensure a proper level of data protection. With regards to data protection in the field of RFID, Peter Hustinx, the European Data Protection Supervisor, stated in his intervention that first it is necessary to properly implement the data protection rules that already exist and that probably some clarifications of these rules (as the one on the concept of personal data by the Article 29 working party) need to be made to ensure that they are understood and implemented correctly. At the end of this process it might well turn out that additional regulations are needed to address new problems that might arise when implementing and deploying RFID technology. According to Mr. Hustinx, a key issue that should be addressed in RFID research is, that users get control over the technology and that they are enabled to explicitly opt-in to the use of RFID, if they so wish. Among the participants of the conference was Humberto Moran, founder and director of Friendly Technologies Ltd. His company claims to have invented "a privacy-friendly system for the tracking and control of mobile objects using RFID tags, which cannot be interrogated by unauthorised readers" (patent pending). The main concept of this system is to protect the data on every RFID tag with a password and to hand over the password with the movement of the object from one RFID reader to another. Once the ownership of a tagged object changes the owner also has to hand over the password to the new owner and delete it from his own systems. While this concept certainly has the potential to significantly strengthen the control of individuals in RFID systems, its suitability for real world applications has still to be proven. To this end, Friendly Technologies is currently looking for adequate funding. Not only privacy and security are limiting factors for the development of RFID systems. While the size of the silicon chips can be further decreased (more or less constantly following Moore's law), physical limits hinder a further significant reduction of the size of the antennas of RFID Tags. A way to overcome these limitations would be to use higher frequencies for the communication between Tags and Readers, but this again would be subject to limitations due to an increased sensitivity to interferences. Therefore, it was said, a further decrease in the size of RFID Tags is not to be expected in the near future. With regards to RFID research in Europe, a RFID Reference Model developed by the Cluster of European RFID Projects, was presented at the conference. This Reference Model depicts eight main RFID application fields (from "Logistical Tracking & Tracing of Goods" to "Public Services") and research topics relevant to them. In the morning session of the second conference day, RFID governance issues were discussed. Problems here are similar to the situation with the Domain Name Service (DNS) for Internet domain names, since EPCGlobal's Object Name Service (ONS; which provides for tagged objects a service similar to the DNS) is designed to have one central managing authority (like ICANN for DNS). Given the dominant position of the US government with regards to ICANN it is certainly very unlikely that a central component of a future Internet of Things will remain undisputed amongst countries. Therefore a design should be found that allows for a decentralised architecture. As this conference showed, there are many problems that have to be resolved on the way to an Internet of Things. Privacy and security are now clearly topics that have to be addressed and properly answered before a large scale deployment of RFID technology is possible and acceptable. It will however take a while until these answers are implemented and available in technology. As Sanjay Sarma from MIT Auto-ID Labs mentioned in the closing session of the conference, encryption on passive cheap RFID Tags is still five years away. On RFID - The next step to the Internet of Things http://www.rfid-outlook.pt/ Article 29 Working Party: Opinion No. 4/2007 on the concept of personal data http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2007/wp136_en.pdf Patent application: Privacy-friendly RFID system prevents unauthorised interrogation of RFID tags http://v3.espacenet.com/origdoc?DB=EPODOC&IDX=GB2437347&F=0&QPN=GB2437347&RPN=WO2007122425&DOC=deb46d24db99510ac37e37f3bb731aea91 Moore's law http://en.wikipedia.org/wiki/Moore's_law RFID Reference Model http://www.rfid-in-action.eu/public/rfid-reference-model Cluster of European RFID Projects (CERP) http://www.rfid-in-action.eu/cerp MIT Auto-ID Lab http://autoidlab.mit.edu/ (contribution by Andreas Krisch - EDRI-member VIBE!AT ) ============================================================ 5. EC announces a larger investigation of the Google-DoubleClick deal ============================================================ The European Commission (EC) announced on 13 November 2007 that its initial investigation in the deal Google-DoubleClick "indicated that the proposed merger would raise competition concerns in the markets for intermediation and ad serving in online advertising." Therefore the Commission decided to open an in-depth investigation in this case in order to take a final decision on whether the proposed transaction would significantly impede effective competition within the European market or any substantial part of it. The Commission also announced that it would investigate "whether without this transaction, DoubleClick would have grown into an effective competitor of Google in the market for online ad intermediation. It will also investigate whether the merger, which combines the leading providers of respectively, on the one hand, online advertising space and intermediation services, and, on the other hand, ad serving technology, could lead to anti-competitive restrictions for competitors operating in these markets and thus harm consumers." The announcement of the Commission comes after several consumer and data protection groups asked for an detailed investigation on the matter. Privacy International sent on 5 November 2007 a letter, supported by EDRI, to the European Commission DG Competition, Commissioner Kroes, arguing that the merger could have serious implications for privacy innovation in advertising. EC will deliver its opinion by 3 April 2008 and the decision to open this in-depth enquiry does not prejudge the final result of the investigation. Mergers: Commission opens in-depth investigation into Google's proposed take over of DoubleClick (13.11.2007) http://europa.eu/rapid/pressReleasesAction.do?reference=IP/07/1688&format=HTML&aged=0&language=EN&guiLanguage=en European Union Investigates Google-DoubleClick Deal (14.11.2007) http://www.pcworld.com/article/id,139595-c,google/article.html EDRI-gram: EDRI supports PI's comments on Google-Doubleclick merger (7.11.2007) http://www.edri.org/edrigram/number5.21/google-doubleclick-pi-edri ============================================================ 6. Data Protection Act infringed by UK Foreign Office ============================================================ Following an investigation into the online visa application system for UK, the Information Commissioner's Office (ICO) ruled on 13 November 2007 that the Foreign and Commonwealth Office (FCO) was in breach of the Data Protection Act, having failed to properly protect visa applications made over the Internet through its UK visas website. The site is run by FCO together with the Home Office and is outsourced to an Indian company called VFS. The problem was first signalled by a member of the public who alerted VFS being concerned of the fact that he could read details about other applicants. But only this year have VFS and FCO admitted there was a problem after the issue was brought out by a Channel 4 News investigation showing the visa applicant data was not secure. The ICO investigation has shown that at least 50 000 applications to the British High Commission in India were affected and found "inadequate central control of the moves to outsourcing" stating that officials had a "piecemeal" approach to privacy. The report concluded that: "The earlier contracts paid insufficient attention to the requirements of the Data Protection Act and to basic IT security." FCO fully cooperated with ICO during the investigation also providing ICO with an independent report into the breach. ICO asked FCO to sign a formal undertaking to comply with the Data Protection Act which comprises the eight basic principles of personal data protection. "Organisations have a duty to keep our personal information secure (...) If they fail to take this responsibility seriously, they not only leave individuals vulnerable to identity theft, but risk losing confidence and trust" said Mick Gorrill, assistant commissioner at the Information Commissioner's Office. Failure by FCO to meet the terms of the undertaking may lead to further action by the ICO. Foreign Office in breach of the Data Protection Act - ICO Press Release (13.11.2007) http://www.ico.gov.uk/upload/documents/pressreleases/2007/fco_undertaking_13... Government broke data protection laws (14.11.2007) http://www.guardian.co.uk/technology/2007/nov/14/data.protection.breach ============================================================ 7. DNA tests approved by French Constitutional council ============================================================ In a decision published on 15 November 2007, the French Constitutional council approved the introduction of DNA testing in the new immigration law to prove family links for foreign candidates applying for a more than 3 months visa on family regrouping grounds. However, it has further restricted their use, making two explicit reservations. The first reservation makes this provision irrelevant when family links with the mother can be proven by any other legal mean under the law of the mother's country. The second reservation forbids any systematic application of DNA testing, since the Council reminds that all other means to prove family links should be used first by French consulates. With these and previous restrictions made by the French Senate, this provision will indeed be hardly applicable in practice. However, this decision from the Constitutional council is a breach of the French laws on bioethics of 1994 and 2004, which explicitly stipulate that the identification by genetic prints can be done only for medical or scientific research purposes. And, for the first time, this breach is made for administrative purposes. French Constitutional council Decision 2007-557 DC (in French only, 15.11.2007) http://www.conseil-constitutionnel.fr/decision/2007/2007557/index.htm EDRI-gram: Update On Dna And Biometrics In French Immigration Law (24.10.07) http://www.edri.org/edrigram/number4.20/dna-french-immigration-law EDRI-gram: DNA Tests Proposed In France For Family Visa Applicants (26.09.2007) http://www.edri.org/edrigram/number5.18/dna-test-france-visa (Contribution by Meryem Marzouki, EDRI member IRIS - France) ============================================================ 8. Attack on Russian opposition media claiming copyright infringement ============================================================ The local edition of Moscow-based independent newspaper Novaya Gazeta from Samara was closed down on 8 November 2007 by the Russian authorities and its editor Sergei Kurt-Adzhiyev was criminally indicted under the accusation of having violated copyright provisions of the Russian Penal Code, by using counterfeit software. Violations carry up to six years in prison. The problems started on 11 May 2007 right before the so called March of Dissent, led by Kasparov's Other Russia opposition coalition, as the paper was one of the few media company having planned to cover the march. Several officers from the Samara Main Internal Affairs Directorate came to the newspaper offices and seized all of its computers under the accusation of using counterfeit software. Later the same day, all the office papers, including financial ones, were confiscated as well. The case is part of a larger action of the Russian government against independent news media, advocacy organisations and opposition political activists, all police raids having the same pretext of investigating an alleged use of counterfeit software. The actions are taking under the coverage of the repeated concerns expressed by the Western world in relation to the high level of piracy in Russia. "Our law enforcement finally realized that computers are very important tools for their opponents, and they have decided to take away these tools by doing something close to the West's agenda," said Vladimir Pribylovsky, head of the Panorama research institute in Moscow. Novaya Gazeta says it believes its software is legal. According to Vitaly Yaroshevsky, a deputy editor of the newspaper: "This is not a campaign against piracy, it's a campaign against dissent. (...) The authorities want to destroy an opposition newspaper. It doesn't matter if we send more computers to Samara. It doesn't matter if we show we bought computers legally. It will change nothing." The shutting down of the newspaper is also criticised by the Committee to Protect Journalists (CPJ). "The authorities in Samara have effectively silenced an independent newspaper that dared to cover an opposition party campaign in an election year. (...) We call on local prosecutors to drop all charges against Sergei Kurt-Adzhiyev, return all seized equipment and financial documents, and allow the paper to print without fear of harassment." stated Joel Simon, CPJ Executive Director. Samara's police made no comment on the issue stating they would make an official statement at the completion of the investigation. In the mean time, the activist groups in Russia are checking the legality of their software. "Most people are trying to put things in order" said Tatyana Lokshina, head of Demos, a human rights group. Russia Casts A Selective Net in Piracy Crackdown (14.11.2007) http://www.washingtonpost.com/wp-dyn/content/article/2007/11/13/AR2007111302... Novaya Gazeta's work paralyzed due to counterfeit Windows (11.06.2007) http://eng.cnews.ru/news/top/indexEn.shtml?2007/05/11/249382 Russia: Authorities shutter Novaya Gazeta's Samara edition (13.11.2007) http://www.cpj.org/news/2007/europe/russia13nov07na.html EDRI-gram: Putin wants control of Russian Internet (7.11.2007) http://www.edri.org/edrigram/number5.21/putin-russia-internet ============================================================ 9. Big Brother Awards 2007 - Austria and Switzerland ============================================================ The Big Brother Awards ceremonies in Austria and Switzerland took place in the past weeks in Viena, on the 25 October 2007 and in St Gall, on the 9 November 2007, respectively. The Swiss ceremony of the 8th edition of Big Brother Awards was organised by the associations "droitsfondamentaux.ch" and EDRI-member Swiss Internet UserGroup (SIUG). The award for the State and for the entire work was received by the Federal Councillor Christoph Blocher. In the Business category the insurance company HELSANA of Zurich was the winner and CFF and OFT were awarded in the Work place category. The Austrian Big Brother Awards was organised in 2007 by Linux User Group Austria and EDRI-members quintessenz and VIBE!AT . For the Business and Finances category the award was received by Heinrich Frey from the Cab guild for the video surveillance in cabs. The surveillance of the Austrian cab drivers was escalated from radio data transmission records of the personal data of each individual driver to GPS monitoring of the vehicles and personal physical check by an infrared seat contact system, crowned by the installation of "inconspicuous, easily and discretely to install" video systems on cabs introduced by RTS and the cab guild of the chamber of economics. The cab guild stated the data recorded were deleted after 48 hours, but did not give any guarantees for that. The Policy category award was initially won by Claudia Schmied the Minister of Education, Arts and Culture for the still unsolved issues related to the "education evidence" bill, a draft law for the collection of data on pupils, including data on expels from school, social anomalies, attendance of religious classes, remedial needs. The database is linked with the social assurance number and is to be stored for 6 years. The latest draft law does not include sufficient legal protection for pupils and is intended for a large and vague term of "administrative purposes". Only a non-committing right to complaint to the data protection commission is provided by the draft instead of the information and rectification right as stipulated by the data protection law. The award was not given as and is kept "in evidence" for the time being, as a result of a recent amendment to the bill proposed by the Minister that brings some improvements to the draft. Peter van der Arend, of the royal Dutch Telecom KPN has received the award for the Authorities and Administration category for data mining standards for Telecom traffic data. He is the chairman of the Telecom "Lawful Interception" (TC LI) committee in the European Telecom Standards Institute which is in charge of the creation of a uniform system to monitor all fixed line and mobile telephony networks. TC LI changes the requirements of the police and judiciary into technical standards that will be compulsory for all telecom equipment. As such, all telephony networks with carry inborn surveillance from the start. "Lawful Interception" includes a set of rules that goes against the present European laws, being therefore actually illegal. In Communication and Marketing section, the award was received by Anthony E. Zuiker, author of the C.S.I series which present DNA Analysis, criminal search and the "Aushebelung" (by-passing) of civil rights in a biased way, presenting citizens' rights as hindering to an investigation and showing in a positive light the way in which the investigators "smartly" by-pass civil rights. The series are most dangerous as they were taken as examples by other similar type of series, which try to manipulate the public opinion. Hans Dichand, editor-in-chief of the "Kurier" (Courier Newspaper) in Vienna and the power behind the "Kronenzeitung" (Crown Newspaper), which is the most widely circulated daily newspaper in Austria, received the award for a Life's work, as the manipulator of the republic by means of the media he leads that support the strategic goals of their owner. People that are not to the liking of the publisher are exposed in the Kurier with full address and phone number. The positive award Defensor Libertatis was won by Karl Korinek, President of the Constitutional Court for having kept warning about the danger of the fight against terrorism leading to a total surveillance state. He advised on the risk that security may displace the fundamental rights such as the privacy of correspondence, the secrecy of telecommunications and the data security. Big Brother Awards 2007 Switzerland (only in French, 9.11.2007) http://www.bigbrotherawards.ch/2007/presse/pressemitteilungen/bba.pressemitt... Big Brother Awards 2007 Switzerland - Winners (only in German, 9.11.2007) http://www.bigbrotherawards.ch/2007 Austrian Big Brother Awards 2007 - Winners http://www.bigbrotherawards.at/2007/English ============================================================ 10. UK govt asks Internet companies to assist in fighting online terrorism ============================================================ Gordon Brown, British Prime Minister, made a statement on 14 November 2007 announcing, among other security measures, the intention to ask Internet companies to assist the government in its fight against online terrorist propaganda by finding ways to stop such content. The Prime Minister stated the Home Secretary Jacqui Smith was "inviting the largest global technology and Internet companies to work together to ensure that our best technical expertise is galvanized to counter online incitement to hatred". The proposal comes in line with the European Union efforts to find ways to sanction Web sites that display terror material. The Home Office said it was not yet clear if Brown's proposal would need new legislation or only different means of enforcing the present one. According to the British law, it is forbidden to publish statements encouraging terrorism or to disseminate any material considered as terrorist, such as bomb-making information. Based on the so-called "notice and take down" procedures, Internet service providers can be required by companies, authorities and even individuals to remove illegal content such as terrorist material or child pornography. One measure could be the shutting down of allegedly faulty sites including sites hosted abroad. A list of banned sites could be drafted by the government, similarly to the one created by Internet Watch Foundation in 2004 which is up-dated twice a day blocking the access of Britons to overseas child pornography. Another method could be to ask search engines to filter out prohibited content from their search results, or to find ways to stop key words such as "bomb" from leading to terrorist-related sites. According to EDRI-member Ian Brown, researcher at the Oxford Internet Institute, the proposal is fundamentally a losing one and the proposed measures would have very little effectiveness as terrorist content could still be published through file-sharing networks, discussion forums, or access material by means of sophisticated software programs and proxy servers allowing users to anonymously browse the Internet. UK Wants Net Companies to Fight Terror (14.11.2007) http://ap.google.com/article/ALeqM5iUjUtJoE-EKmRVrc3la5fFUp_8SgD8STLKU00 PM statement on security measures (14.11.2007) http://www.number10.gov.uk/output/Page13757.asp ============================================================ 11. PirateBay wants a new software standard to replace BitTorrent ============================================================ The Pirate Bay, the famous torrent Swedish website, may affect BitTorrent programme by developing a new software standard for Internet downloads. According to Peter Sunde, Pirate Bay's co-founder, the site might have a new, more open alternative of file-sharing software at the beginning of next year. In his opinion, BitTorrent might develop in the future some features discouraging the trade of some "pirated materials" which might affect very many users of the site. There are also fears that BitTorrent may gain total control over P2P traffic which led to the creation of a working group that will build an open protocol that could be further developed by anyone without being controlled by anybody. The working group has also in view the development of technical improvements to the current file-sharing methods including the optimisation of upload bandwidth and the increasing of the user privacy degree. BitTorrent's deal with Brightcove, a web distributor of video for CBS, News Corp's Fox Entertainment Group, Viacom, and New York Times can indeed be seen as a threat as commented Eric Garland, chief executive of BigChampagne, a company tracking file sharing. "Future development (of BitTorrent software) will almost certainly be focused on things that do not benefit or further the aims of the pirate" he said. In its turn, BitTorrent does not feel threatened by Pirate Bay's intentions. "We are not really disappointed here," declared Ashwin Navin, president and co-founder of BitTorrent who added: "The pirate community has never paid us a dime." NetzpolitikTV - Interview with Peter from ThePirateBay.org. (29.10.2007) http://netzpolitik.org/2007/netzpolitiktv-026-the-pirate-bay/ File-sharing pirates attempt new software standard (7.11.2007) http://www.news.com/2100-1032_3-6217386.html BitTorrent to be killed by Pirate Bay plans? (31.10.2007) http://www.tech.co.uk/computing/internet-and-broadband/news/bittorrent-to-be... ============================================================ 12. ENDitorial: CoE - Content Regulation: Break On Through; IPR: It's Tricky ============================================================ The 8th meeting of the Council of Europe (CoE) group of specialists on Human Rights in the Information Society (MC-S-IS) was held in Strasbourg on 29-30 October 2007. It was mainly dedicated to discussing draft documents on technical measures and their impact on human rights and particularly freedom of expression. Two areas were more specifically addressed: content regulation and intellectual property. In its position of independent NGO observer to the CoE MC-S-IS, EDRI voices its concerns when needed, including loudly by running campaigns, like the recent one against a new Recommendation failing to uphold online freedom of expression (Rec(2007)11). In this campaign, EDRI statement was endorsed by 34 national and international NGOs, including major freedom of expression, freedom of the press, and human rights groups. However, EDRI is also fully playing its role when promoting CoE outcomes likely to become important tools for online freedom of expression defenders. This is likely to happen very soon, provided that the draft 'Recommendation on measures to promote the respect for freedom of expression and information as regards technical filtering measures' and its accompanying draft "Report on the use and impact of technical filtering measures for various types of content in the online environment, with particular regard to Article 10 of the European Convention on Human Rights" are adopted without important modifications by the Steering Committee on the Media and New Communication Services (CDMC) during its next meeting, and then by the CoE Committee of ministers. Both draft documents have been adopted during this MC-S-IS meeting. Members and observers of the MC-S-IS group discussed the documents prepared by Austria (MC-S-IS group vice-chair) and Armenia representatives, with the help of the MC-S-IS Secretariat as well as of EDRI as observer. EDRI had the opportunity to suggest many changes to both documents before their submission to the whole group, and almost all these changes were included. As many members of the group acknowledged, this Recommendation would be the first important document breaking off the usual national, European and international rhetoric of "technical filtering panacea" to fight illegal or harmful content, in that it reintroduces the need to respect human rights standards, first and foremost freedom of expression, but also the right to privacy and other provisions of the European Convention of Human Rights, including the rule of law principle. One member, namely Norway, insisted though on the "impression the documents gave that governments wont be allowed to any content filtering of blocking" anymore, but it was rather isolated in such position. The final draft document recommends that CoE member States "take measures to promote the respect for freedom of expression and information as regards technical filtering measures in line with provided guidelines", as well as "to bring these guidelines to the attention of all relevant private and public sector stakeholders, in particular those who design, activate, use and monitor technical filtering measures, and civil society, so that they can contribute to their implementation." The draft Recommendation sets out detailed guidelines on: (I) "Using and controlling filters in order to fully exercise and enjoy the right to freedom of expression and information", (II) "Appropriate filtering for children and young people", and (III) "Use and application of filtering systems by State actors and the private sector". Another set of draft documents discussed at the same meeting was far from receiving the same welcome, and it is not even likely to be adopted soon, if at all. These documents are a draft "Recommendation on freedom of expression and information and intellectual property rights in the new information and communications environment" and its accompanying draft report on emerging issues and trends in this context. The former was prepared by Switzerland representative (MC-S-IS group chair) with the help of the Secretariat, and the latter by the Secretariat and an informal working group made up of representatives from France, Malta, Norway and INSAFE/European SchoolNet observer representative. While EDRI has not taken part in the preparation of these documents, it found the drafts submitted for discussion a very positive achievement, and expressed this position to the MC-S-IS group. However, the documents generated an incredibly heated discussion, to the extent that some member States showed a truly blocking attitude, even trying to claim that these issues were out of the MC-S-IS group mandate, and, as if this was not enough, to question the ability of its members and observers to discuss issues dealing with intellectual property. The strongest opponent to the documents was undoubtedly Norway, followed, though less aggressively, by Finland, France and Portugal. ENPA (European Newspaper Publishers' Association) joined this opponent group as observer. In addition to Switzerland, Austria and Armenia advocated in favour of the draft documents, joined by EDRI, INSAFE/European SchoolNet and EBU (European Broadcasting Union) as observers. As the MC-S-IS group chair and vice-chair clarified, these documents specifically address the protection of freedom of expression when using intellectual property digital rights management techniques, which is clearly within the group mandate, especially since a former expert group on copyright issues does not exist anymore, its mandate having been transferred to the MC-S-IS group. It was also reminded that it is the responsibility of the MC-S-IS group to address and explore any issue within its mandate, even controversial ones. Main contentious points relate to guidelines in view of promoting access to knowledge and education, of assisting IP right holders to self-determine how their protected works can be accessed, and of promoting innovative systems of remuneration for right holders who want to allow their protected works to be used and/or reused. The issue should be again on the agenda of next MC-S-IS meetings in 2008. In the mean time, the MC-S-IS group will elaborate a synthesis of main points of disagreement and report to the CDMC. One of the decisions to be made is whether this activity would lead to a CoE Recommendation or to other, even less normative, kind of document or action (some even suggested yet another conference). In this latter case, EDRI and many other NGOs would likely have to consider this as surrender to main lobbies. In addition to these two main discussions, the MC-S-IS group had a quick preliminary exchange of views regarding two possible future documents on understanding the freedom of expression and information with regard to the work of Internet service providers on the one hand, and of online game providers on the other hand. A third document, not yet drafted, is also foreseen on the work of social networking sites operators. A short discussion was held on their relevance, even though these documents would be a set of guidelines for concerned actors rather than normative documents intended to State members. The group agreed that, more generally speaking, web 2.0 services should be addressed in relation with the respect for human rights and human dignity. An informal working group will start preparing inputs on this issue, participants being Switzerland and France, with EDRI as observer. Moreover, the group considered the establishment of a "standard-setting instrument which promotes a coherent pan-European level of protection for children from harmful content when using new communication technologies and services and the Internet, while ensuring freedom of expression and the free flow of information". The general mood inclined towards the lack of relevance of such activity, especially after Austria, Armenia, and EDRI as observer strongly warned of the difficulty, if not the impossibility, to agree on a general definition of harmful content, taking into account the diversity of cultures, values and sensibilities at the pan-European level. Finally, the group had to consider possible new work topics, in view of the renewal of MC-S-IS terms of reference and of the suggestion of themes for the 1st European Ministerial Conference on media and new communication services, to be held in Reykjavik in May 2009 as decided by the CDMC 5th meeting. In addition to the respect for human rights and human dignity in web2.0 that was already decided, search engines as well as the respect for privacy have been suggested by EDRI. Next regular MC-S-IS meeting is scheduled in late March 2008. CoE MC-S-IS public website http://www.coe.int/t/e/human_rights/media/1_intergovernmental_co-operation/M... EDRI-gram: CoE to address the impact of technical measures on human rights (12.04.2007) http://www.edri.org/edrigram/number5.7/coe-human-rights EDRI campaign on new CoE recommendation failing to uphold online freedom of expression (10.10.2007) http://www.edri.org/coerec200711-signatories CDMC 5th meeting report (12.09.2007) http://www.coe.int/t/e/human_rights/media/1_intergovernmental_co%2Doperation... (Contribution by Meryem Marzouki, EDRI member IRIS - France) ============================================================ 13. Recommended Reading ============================================================ Council of Europe Recommendation CM/Rec(2007)16 of the Committee of Ministers to member states on measures to promote the public service value of the Internet, adopted on 7 November 2007 https://wcd.coe.int/ViewDoc.jsp?Ref=CM/Rec(2007)16 Council of Europe Submission to the Internet Governance Forum, Rio de Janeiro, Brazil, 12-15 November 2007, "Building a free and safe Internet" http://www.coe.int/t/dc/files/events/internet/ ============================================================ 14. Agenda ============================================================ 29-30 November 2007, Skopje, Macedonia The International Conference e-Society.Mk on inclusive e-Government http://www.e-society.org.mk 3-4 December 2007, Bonn, Germany Network Neutrality - Implications for Europe http://www.wik.org/content/netneutrality_main.htm 4-5 December 2007, Rome, Italy First QualiPSo Conference - Fostering trust and quality of Open Source Software systems http://www.qualipso.org/index.php?option=com_content&task=view&id=63&Itemid=64 5-7 December 2007, Pisa, Italy Second DELOS Conference on Digital Libraries http://www.delos.info/index.php?option=com_content&task=view&id=606&Itemid=337 27-30 December, Berlin, Germany 24th Chaos Communication Congress http://events.ccc.de/congress/2007/Main_Page 17 January 2008, London, UK Nanotechnology for security and the crime prevention III http://www.nano.org.uk/events/ionevents.htm#security ============================================================ 15. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 28 members based or with offices in 17 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE